Phishing – what is it and where did it come from?
Phishing is considered the most common cybercrime of the 21st century. It consists of fishing out data about a specific Internet user (e-mail login details, e-banking password, account number, credit card details) for material gain. The criminal, impersonating a person or institution, tries to craft a message credible enough that no one will notice the signs of fraud in it.
Phishing emails often look like notifications from a bank, a court, or an electricity or internet provider – this form not only increases the likelihood that the message will be opened and read, but also that it will not raise major suspicions, because its apparent sender is an institution that enjoys a high level of public trust. The scheme behind such phishing content is usually the same: the Internet user is urged to update or enter their data as soon as possible, or else lose it along with access to pages that are important to them. The theft of confidential information about network users is a problem that has been around for almost 30 years.
When did phishing come about?
The concept of phishing crystallized in the mid-1990s. It was then that crackers made their first attempts to steal data from the database of one of the major US Internet providers. Pretending to be employees of this company, they sent potential victims a request for an account password, supposedly to verify it or to update their bank account number. For this reason, the term “phishing” is sometimes translated as “catching passwords,” although many believe it is rather derived from the name of Brian Phish, who was the first to use psychological techniques to steal credit card numbers.
Today, this cybercrime is most often committed against users of banks, social networking sites and online auctions. It is in these places that we leave the most information about ourselves, thus increasing the risk of a phishing attack.
Phishing personal data
Phishing attacks usually look similar. We receive (spam) messages via, for example, Facebook or email. We are one of many people who receive such a message; after all, the goal is to obtain the largest possible amount of data, and therefore more money. Among the most common message contents are warnings about the possible deactivation of our bank account. The website, deceptively similar to the real bank website, then intercepts the information we enter, often exploiting not only our lack of awareness but also software flaws. A few years ago, many phishing attacks relied on an Internet Explorer error that could hide the real address of the page being viewed.
A well-designed phishing site usually works for about 5 days before a filter detects it or a user reports it for verification or removal. Increased vigilance is recommended, because the quality of such pages and messages is very high – fake websites look almost the same as the originals, and their number does not decrease at all, because criminals keep registering new ones in place of old ones that have been removed.
Most phishing messages reach us via email and electronic banking as well as social networking sites. Although our awareness of e-mails and messages that are mere spam has increased over time, the tricks used by cybercriminals still lead us to open some messages that we should delete immediately.
How do you recognize a fake message?
First of all, remember that legitimately operating websites will not urge us to visit them and log in. If we have doubts about the authenticity of such a message, we should contact the site administrator or, in the case of banks, the persons responsible for security.